Thursday, December 14, 2017
Home Tags Transport Layer Security (TLS)

Tag: Transport Layer Security (TLS)

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.
Two-decade-old hole lets hackers unlock encrypted data A 19-year-old vulnerability in the TLS network security protocol has been found in the software of at least eight IT vendors and open-source projects – and the bug could allow an attacker to decryp...
Sites vulnerable to newly revived ROBOT exploit included Facebook and PayPal.
On December 12, 2017, a research paper with the title Return of Bleichenbacher's Oracle Threat was made publicly available.

This paper describes how some Transport Layer Security (TLS) stacks are vulnerable to variations of the classic Bleichenbac...
TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding,and may therefore be vulnerable to Bleichenbacher-style attacks..

This attack is known as aROBOT attackquot;.
Hey Microsoft, is this your private key? Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days t...
Tenta DNS, an open-source DNS over TLS resolver, will help preserve users' privacy after the fall of net neutrality.
A security researcher explains how WPA2 Enterprise wireless security can be bypassed and why the EAP-TLS wireless authentication protocol should be more widely deployed to help mitigate risks.
TLS over HTTP? Yes please, says every sysadmin, netizen The Internet Engineering Task Force (IETF) has just put out a new draft for a standard that would enable folks to effectively bypass surveillance equipment on their networks to maintain secure con...
A researcher at this month's SecTor conference will demonstrate the dangers of not employing EAP-TLS wireless security.
Encrypting domain queries with TLS Android users might get better protection for their browsing records, if a Google experiment takes off.…